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AMENDMENTS TO THE CLAIMS 

1 . (Currently Amended) An apparatus for handling SSL traffic comprising an SSL proxy 
operable to receive a plurality of packets each including an encrypted portion, the SSL proxy 
operable to buffer the packets until a predetermined number of packets greater than one packet 
are received, the SSL proxy further operable to decrypt the encrypted portion of each received 
packet and forward the decrypted packets to a predetermined destination. 

2. (Original) The apparatus of claim 1, v^rherein the SSL proxy includes a database operable 
to track information regarding a type of encryption scheme used to encrypt the encrypted 
portion, 

3. (Original) The apparatus of claim 1 , wherein the encrypted portion of the packets are 
decrypted when received and the SSL proxy buffers the received packets out of order* 

4. (Original) The apparams of claim 1 , wherein the SSL proxy tracks a message 
authentication code used to authenticate a message* 

5. (Currently Amended) The apparatus of claim 1 ^ wherein the packets are sent by a client 
computer running a web browser and received by a server computer running a web server . 

6. (Original) The apparatus of claim 5, wherein the SSL proxy is operable to receive 
unencrypted data i5rom the server computer, encrypt the unencrypted data, and send the 
encrypted data to a client computer, 

7. (Currently Amended) The apparatus of claim 1, wherein the SSL proxy performs 
encryption and decryption on packets using a single end-to-end TCP connection between a client 
computer and a server and the source and destination address of the packets are unaltered . 

8. (Currently Amended) A system for handling SSL traffic comprising: 
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a client nmning a web server computer operable to initiate an SSL session and to send 
packets with encrypted payloads; 

a server mining a web browser computer operable to support communications with the 
client computer; and 

a SSL proxy coupling the client computer and the server computer and operable to 
decrypt the encrypted payloads of each packet and forward the decrypted packets to the server 
computer. 

9. (Original) The system of claim 8, wherein the SSL proxy includes a database operable to 
track information regarding a type of encryption scheme used to encrypt the encrypted payloads, 

1 0. (Original) The system of claim 8, wherein the packets are decrypted when received by 
the SSL proxy and the SSL proxy buffers the received packets out of order. 

IL (Original) The apparatus of claim 8, wherein the SSL proxy tracks a message 
authentication code used to authenticate a naessage, 

12. (Original) The system of claim 8, wherein the SSL proxy is operable to encrypt packets 
sent from the server computer to the client computer. 

13. (Currently Amended) The system of claim 8, wherein a single end-to-end TCP 
connection exists between the client computer and the server computer and the source and 
destination address of the packets are unaltered , 

14. (Currently Amended) The system of claim 8, wherein the SSL proxy bxiffers the packets 
imtil a predetermined number of packets anive, then decrypts packets, and forward forwards the 
decrypted packets to the server, 

15. (Currently Amended) A method for processing SSL packets comprising: 
initializing an SSL session between a client computer and a SSL proxy; receiving a 

packet including an encrypted portion at the SSL proxy; 
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detennining if the received packet is a SSL packet; 

placing the received packet in a hold queue; checking the hold queue to determine if all 
packets ejcpected for a given record have arrived for a complet e s e t of pack e ts ; 

decrypting the encrypted portion of each packet once all the packets expected for the 
given record have arrived th e compl e te se t of paoketa oro roooivod : and 

outputting the decrypted packets to a server computer. 

16. (Original) The method of claim 15, wherein a message authentication code is checked to 
verify authenticity of the packet set. 

17. (Original) The method of claim IS, wherein non SSL packets are sent directly to the 
server. 

18. (Currently Amended) The method of claim 15, wherein the step of placing the packets in 
ahold queue comprises: 

placing packets received out of order in a queue; 

decrypting packets received in order and forwarding the decrypted packets to a server 
computer; 

checking the hold queue to determine if the packet in the queue is next in sequence; 
releasing the packet from the hold queue if the packet in hsUA Ae queue is the next in 
sequence; and 

getting a new packet if the packet in the hold queue is not the next in sequence. 

1 9. (Original) The method of claim 1 5, wherein the step of initializing further comprises 
initializing a single end-to-end TCP connection between the client computer and the server 
computer. 

20. (Original) iTie method of claim 1 5, further comprising: 

receiving packets with unencrypted data at a SSL proxy from the server computer; 
encrypting the packets at the SSL proxy; and 
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sending the encrypted packets to the client computer. 

2 1 . (Original) An apparatus for decrypting network data traffic comprising a proxy operable 
to: 

(i) receive packets addressed to a server computer, the packets including an encrypted 
portion, a destination address, and a source address; 

(ii) decrypt the encrypted portions of the received packets; and 

(iii) send the decrypted portions to a server computer without altering the destination or 
source address of the received packets. 

22. (Original) The apparatus of claim 2 1 , wherein the proxy is further opemble to: 

(i) receive packets addressed to a client computer, the packets including an unencrypted 
portion, a destination address, and a source address; 

(ii) encrypt the unencrypted portion of the received packets; and 

(iii) send the encrypted packets to the client computer without altering the destination or 
source address of the packets. 
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